Guide from the EDPB concerning Controllers and Processors

There is a published guide from the EDPB concerning Controllers and Processors. It is a guideon the concepts of controller and processor in the GDPR from the European Data Protection Board (EDPB). The intention of the guide, is to clarify the consequences of having one of these roles. There are differens Supervisory Authorities that have been working together to produce this EU-wide guide. The EDPB adopted the guide on 02 September 2020.

It has been noted that there is some ambiguity. Specially regarding when a party takes on the role of personal data controller and personal data processor, respectively. The guide also contains information that explains the different roles. And it can be helpful in the assessment of the roles.

In addition, the guide contains a description and clarification of so-called joint personal data responsibility. For example, when at least two or more parties are responsible for personal data together for a certain processing. The guide also contains descriptions of how the responsibility is to be divided between several people responsible for the same treatment.

Guide from the EDPB concerning Controllers and Processors

The hope is that this guide will facilitate the assessment of the roles that many companies and entrepreneurs face and must implement. The guidance clarifies boundaries and obligations for personal data controllers and personal data assistants.

According to the GDPR, a natural or legal person, can either have the role of a Controller or a Processor. (or sub-processor). The most important thing is to be able to answer the following question: Who determines the purpose and means of personal data processing? The person who does this, is responsible for personal data as a Personal Data Controller.

The EDPB has written the guide in English. But there are also several translations into other languages. The guide contains various sections and explanatory examples. You can read it through the European Data Protection Board’s website.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_137823009_5	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Guide from the EDPB concerning Controllers and Processors

Guide from the EDPB concerning Controllers and Processors

More information

Links

Popular Subjects